Users of ADT home security systems have filed a class action against the vendor after discovering that a technician used his own credentials to set up the hardware and then spied on them.
ADT Pulse is a complete home security package including smart locks, an alarm system and surveillance cams, all controllable from a handy smartphone app.
“Our highly trained, certified technicians will professionally install your ADT security system,” according to the official ADT website. “Once installed, your technician will test your system to be sure it is working properly, and show you how it works for easy use from day one.”
What the website doesn’t say is that rogue employees might set up the system in such a way that they can later access the customer’s homes, or spy on them “in their most private and intimate moments,” according to the lawsuit filed by Alexia Preddy and Shana Doty, both of Texas, named as lead plaintiffs in the suits.
Which is exactly what happened, according to the filings.
Preddy was a teenager when the Dallas-area technician who had installed their indoor security camera granted himself remote access by adding his personal email address to her account, Preddy claims. The employee then used that access nearly 100 times to spy on her and other household members, the Sun Sentinel reports.
A news release from the Dallas-based Fears Nachawati Law Firm says that ADT “failed to provide rudimentary safeguards” to prevent employees from gaining remote access to the customers’ cameras over a seven-year period.
ADT reportedly failed to fix vulnerabilities in its smartphone and smart-watch apps, “leaving not only the lone Dallas technician but potentially countless other ADT employees with the ability to secretly open locks at homes and view security camera footage,” the suit states.
“The mental and emotional impact this revelation has had on every person receiving these calls from ADT is immeasurable,” it adds. “Moments once believed to be private and inside the sanctity of the home are now voyeuristic entertainment for a third party. And worse, those moments could have been captured, shared with others, or even posted to the internet.”
ADT allegedly notified customers of the breaches, then tried to buy their silence, according to the court papers.
The vendor is not at its first run-in with such accusations. In 2028, the company reportedly agreed to pay multi-million dollar settlements in Illionis, Arizona, Florida and California over vulnerabilities that allowed hackers to access home security systems.